|
Overview
This course is taught at Daytona State College as part of the Engineering Technology program.
Start here!
Attendance:There is no physical classroom for this course. To check attendance you are to complete the Syllabus quiz by the assigned due date. Please read the syllabus prior to taking the quiz. If you fail to complete the quiz prior to the indicated due date you will be counted as "not attending," which may affect any financial aid you may be receiving. |
How My Classes Work
This class requires quite a few readings, those are essential to understanding digital forensics. That being said, we learn best by doing. Just because you can explain something on paper doesn't mean you can actually perform a task. Therefore we'll be doing LOTS of forensics.
That doesn't mean this class is easy. In fact it's difficult. You'll have to do some forensic tasks then write up a professional quality report. The report is VERY important as it's something you'll have to do in the real world. So you'll need to not only make sure you do your forensics correctly, but also do a good job of writing up the report!
We will be using VMWare and Linux extensively in this course. As CTS3348 is a prerequisite for this course that means you already understand how to work with VMWare and Linux. In fact you can use the same version of Linux you used for that course!
Prerequisites
Required: CTS3348 Linux Administration.
|
Course Outcomes
By the end of this course successful students will be able to: 1. Students shall be able to discuss the rules, laws, policies, and procedures that affect digital forensics 2. Students will demonstrate the proper use of FTK, data carving tools (foremost and Photorec), and various Linux utilities (e.g., dd) to create a forensic image and analyze it. 3. Students will be able to perform the steps included in a digital investigation from the initial recognition of an incident through the steps of evidence gathering, preservation and analysis, through the completion of legal proceedings. 4. Students will write professional quality reports that include both a summary report (for administrative review) and a notes section, which describes the technical procedures used in the investigation (for peer review). 5. Students will be able to identify major components of the FAT and VFAT file systems, and manually recover several deleted files using the Linux utility dd and a hex viewer. 6. Students will be able to identify important file metadata and apply their use in a forensic investigation. 7. Students will be able to identify components of the Windows Registry, as well as the hives comprising it. 8. Students will be able to perform a forensic investigation on a forensic image, using various tools to recover evidence, resulting in report documenting the investigation.
Textbook Guide to Computer Forensics and Investigations. Bill Nelson, Amelia Phillips, Christopher Steuart. 5th edition (used for this course and CET4861 Advanced Forensics). |
Course LecturesClick here to view All Course Lectures
Course lectures are usually 10-30 minutes long, and are in MP4 format. More information is available or individual lectures in the link above.
I suggest you save each lecture to your hard drive so you may access it anytime. Pause when you need to. Replay when you need to. Have you ever tried doing that in a 'live' class? Maybe a couple of times, but now YOU are in control.
Also, an analogy: I bought Tiger Woods' book on golf. Read the whole thing cover to cover. Now I can play golf just like Tiger. Nope. Have to practice, again and again and again. Same thing goes for this class. Can't learn how to create firewalls, intrusion detection rules, etc., by just watching a video lecture. You MUST practice, as much as possible. I highly suggest that while watching the video you have your Linux virtual machine running. Pause the video when I run a command. Run the command, see what it does. Start the video, and repeat.
You may ask: "Why are your videos so much shorter than a regular class?" Have you ever seen a recording of a regular class? Most of it is 'dead space,' nothing being said, idle chit chat, etc. My lectures are intentionally 'dense' with material. Take a 1.5 hour lecture, remove extraneous information, pauses, chit chat, dead space, and voila -- a condensed version that is 10-30 minutes. The 'Cliff Notes' of lectures (you young people may have to Google that).
It takes more time to edit my videos than record them. The condensed version allows you use YOUR time more wisely. There's no sense in doing it any other way. You're welcome. :) |
Certificate in Cybersecurity and Cyberforensics
If you are in the BSIT program then this is a great opportunity for you to earn the new Cybersecurity and Cyberforensics certiciate. Here's the link that explains more.
|